troNEINer | 09.03.2014 21:04 | Here are the logs in the post, as requested:
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by Marvin at 2014-03-08 21:45:04
Running from E:\downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.502.68015 - ABBYY)
ABBYY PDF Transformer 3.0 (Version: 3.00.502.68015 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.71 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version: - Microsoft)
DisplayFusion 5.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.0.0 - Binary Fortress Software)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1003 - Marvell)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Octoplus/Octopus box LG software 1.4.8 (HKLM-x32\...\Octoplus box LG software_is1) (Version: - Octoplus team)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Secure Download Manager (HKLM-x32\...\{531E35C7-B4E7-418C-A2CD-C1205D9C8AC9}) (Version: 3.1.20 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{35B02DA0-42CD-4117-A176-2D5AC9492ABC}) (Version: 6.4 - Silicon Laboratories, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version: - Microsoft)
Virtual Serial Port Driver 7.2 (Build 7.2.308) (HKLM\...\Virtual Serial Port Driver_is1) (Version: - ELTIMA Software)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-3 - BitNami)
==================== Restore Points =========================
02-03-2014 11:12:47 Windows Update
04-03-2014 10:44:33 Windows Update
04-03-2014 10:55:18 Installed Etron USB3.0 Host Controller
08-03-2014 12:09:29 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-10-28 21:28 - 00001302 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {5B9E401E-37DE-4576-941A-1F5DE5CB2DD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {7888D2B0-1BCA-4039-888D-59C2DAFF05C5} - System32\Tasks\AdobeAAMUpdater-1.0-MARVIN-Marvin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9D27AAF2-378D-40C5-84A4-353287BE1349} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {A72FD762-9698-4F94-A01B-9034FEDA832D} - System32\Tasks\EVGAPrecision => D:\Overclock\EVGA Precision X\EVGAPrecision.exe [2013-07-18] ()
Task: {BD67F16E-7FAD-440C-886A-A44B9EA85D61} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-01-31] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-28 20:52 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-14 21:54 - 2014-03-04 00:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () D:\FileZilla-3.7.3\FileZilla FTP Client\fzshellext_64.dll
2013-11-26 22:38 - 2013-11-26 22:38 - 02169856 ___SH () C:\Windows\System32\hale.exe
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Marvin\AppData\Roaming\Dropbox\bin\libcef.dll
2011-08-22 12:57 - 2011-08-22 12:57 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2013-10-27 23:52 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-03-04 12:26 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-04 12:26 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 12:26 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 12:26 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2013-11-03 03:10 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Bluetooth Connection Assistant => LBTWIZ.EXE -silent
MSCONFIG\startupreg: DisplayFusion => "D:\DisplayFusion\DisplayFusion.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2014 09:44:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/08/2014 09:43:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AutoKMS.exe, Version: 2.4.9.0, Zeitstempel: 0x522118df
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe915e7998
ID des fehlerhaften Prozesses: 0xb40
Startzeit der fehlerhaften Anwendung: 0xAutoKMS.exe0
Pfad der fehlerhaften Anwendung: AutoKMS.exe1
Pfad des fehlerhaften Moduls: AutoKMS.exe2
Berichtskennung: AutoKMS.exe3
Error: (03/08/2014 09:43:13 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 09:43:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AutoKMS.exe, Version: 2.4.9.0, Zeitstempel: 0x522118df
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe91f67998
ID des fehlerhaften Prozesses: 0x5dc
Startzeit der fehlerhaften Anwendung: 0xAutoKMS.exe0
Pfad der fehlerhaften Anwendung: AutoKMS.exe1
Pfad des fehlerhaften Moduls: AutoKMS.exe2
Berichtskennung: AutoKMS.exe3
Error: (03/08/2014 09:43:02 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 01:00:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/08/2014 00:59:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AutoKMS.exe, Version: 2.4.9.0, Zeitstempel: 0x522118df
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe92b47998
ID des fehlerhaften Prozesses: 0xae8
Startzeit der fehlerhaften Anwendung: 0xAutoKMS.exe0
Pfad der fehlerhaften Anwendung: AutoKMS.exe1
Pfad des fehlerhaften Moduls: AutoKMS.exe2
Berichtskennung: AutoKMS.exe3
Error: (03/08/2014 00:59:37 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 00:58:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AutoKMS.exe, Version: 2.4.9.0, Zeitstempel: 0x522118df
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe98c57998
ID des fehlerhaften Prozesses: 0x638
Startzeit der fehlerhaften Anwendung: 0xAutoKMS.exe0
Pfad der fehlerhaften Anwendung: AutoKMS.exe1
Pfad des fehlerhaften Moduls: AutoKMS.exe2
Berichtskennung: AutoKMS.exe3
Error: (03/08/2014 00:58:36 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
System errors:
=============
Error: (03/08/2014 09:42:58 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (03/08/2014 09:42:49 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/08/2014 00:58:23 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/07/2014 06:10:27 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/06/2014 10:26:30 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/06/2014 06:46:49 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/05/2014 07:04:09 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/05/2014 00:06:46 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/04/2014 09:28:41 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (03/04/2014 11:58:01 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Microsoft Office Sessions:
=========================
Error: (03/08/2014 09:44:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/08/2014 09:43:13 PM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.4.9.0522118dfunknown0.0.0.000000000c0000005000007fe915e7998b4001cf3b0f05b070c6C:\Windows\AutoKMS\AutoKMS.exeunknown440d217b-a702-11e3-a136-002522cc62e9
Error: (03/08/2014 09:43:13 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 09:43:03 PM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.4.9.0522118dfunknown0.0.0.000000000c0000005000007fe91f679985dc01cf3b0efc2d368dC:\Windows\AutoKMS\AutoKMS.exeunknown3deed806-a702-11e3-a136-002522cc62e9
Error: (03/08/2014 09:43:02 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 01:00:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/08/2014 00:59:37 PM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.4.9.0522118dfunknown0.0.0.000000000c0000005000007fe92b47998ae801cf3ac5e06661dbC:\Windows\AutoKMS\AutoKMS.exeunknown1eada62d-a6b9-11e3-9ae7-002522cc62e9
Error: (03/08/2014 00:59:37 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
Error: (03/08/2014 00:58:37 PM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.4.9.0522118dfunknown0.0.0.000000000c0000005000007fe98c5799863801cf3ac5b90ad252C:\Windows\AutoKMS\AutoKMS.exeunknownfb1a5554-a6b8-11e3-9ae7-002522cc62e9
Error: (03/08/2014 00:58:36 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei ..(System.String, System.String, System.String, .)
bei ...ctor()
bei ..(.)
bei ..()
CodeIntegrity Errors:
===================================
Date: 2013-10-28 23:52:42.592
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:42.576
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:41.546
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:41.531
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:40.501
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:40.486
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:39.456
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:39.440
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:26.430
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-28 23:52:26.414
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Overclock\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 8100.16 MB
Available physical RAM: 5909.93 MB
Total Pagefile: 8098.34 MB
Available Pagefile: 5731.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:111.79 GB) (Free:23.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Apps) (Fixed) (Total:298.09 GB) (Free:277.03 GB) NTFS
Drive e: (Media) (Fixed) (Total:931.51 GB) (Free:722.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Filme und Serien) (Fixed) (Total:3725.9 GB) (Free:987.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 84ED84ED)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C277C12B)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 8CCE3EBE)
Partition: GPT Partition Type.
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: BFB608A2)
Partition: GPT Partition Type.
==================== End Of Log ============================
defogger_log: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:42 on 08/03/2014 (Marvin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Marvin (administrator) on MARVIN on 08-03-2014 21:44:51
Running from E:\downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Binary Fortress Software) D:\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\System32\hale.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) D:\Office\Office14\MSOSYNC.EXE
(Binary Fortress Software) D:\DisplayFusion\DisplayFusion.exe
(Dropbox, Inc.) C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Binary Fortress Software) D:\DisplayFusion\DisplayFusionAppHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] - D:\Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Chew7Hale] - C:\Windows\System32\hale.exe [2169856 2013-11-26] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103506691-1578233972-2136801239-1000\...\Run: [OfficeSyncProcess] - D:\Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2103506691-1578233972-2136801239-1000\...\Run: [NVIDIA nTune] - "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
HKU\S-1-5-21-2103506691-1578233972-2136801239-1000\...\Run: [ASRockXTU] - [X]
HKU\S-1-5-21-2103506691-1578233972-2136801239-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-2103506691-1578233972-2136801239-1000\...\Run: [DisplayFusion] - D:\DisplayFusion\DisplayFusion.exe [7203712 2013-02-11] (Binary Fortress Software)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12978A0736D3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.6.1
Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-27]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-27]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-27]
CHR Extension: (Pushbullet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-04]
CHR Extension: (Google-Suche) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2013-10-27]
CHR Extension: (Classic Popup Blocker) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-12-11]
CHR Extension: (Privacy Palette) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-10-27]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Google Mail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
==================== Services (Whitelisted) =================
R2 DisplayFusionService; D:\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-04] ()
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [X]
==================== Drivers (Whitelisted) ====================
S3 evserial7; C:\Windows\System32\DRIVERS\evserial7.sys [71472 2012-05-23] (ELTIMA Software)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-10-27] (Duplex Secure Ltd.)
R3 VSBC7; C:\Windows\System32\DRIVERS\evsbc7.sys [36656 2012-05-23] (ELTIMA Software)
S3 ALSysIO; \??\C:\Users\Marvin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-08 21:44 - 2014-03-08 21:44 - 00000000 ____D () C:\FRST
2014-03-08 21:42 - 2014-03-08 21:42 - 00000136 _____ () C:\Users\Marvin\defogger_reenable
2014-03-08 00:19 - 2014-03-08 00:19 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-08 00:19 - 2012-05-23 10:32 - 00071472 _____ (ELTIMA Software) C:\Windows\system32\Drivers\evserial7.sys
2014-03-08 00:19 - 2012-05-23 10:31 - 00036656 _____ (ELTIMA Software) C:\Windows\system32\Drivers\evsbc7.sys
2014-03-04 11:57 - 2010-07-12 14:50 - 00232264 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll
2014-03-04 11:57 - 2010-07-12 14:50 - 00198464 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll
2014-03-04 11:57 - 2010-07-12 14:50 - 00108872 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll
2014-03-04 11:57 - 2010-07-12 14:49 - 00211776 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll
2014-03-04 11:57 - 2010-07-12 14:49 - 00072648 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2014-03-04 11:55 - 2014-03-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Etron Technology
2014-03-04 11:50 - 2014-02-13 17:56 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2014-03-03 13:03 - 2014-03-03 13:03 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-03-03 13:03 - 2014-03-03 13:03 - 00000388 _____ () C:\Windows\LkmdfCoInst.log
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Logitech
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-03-03 13:02 - 2014-03-03 13:02 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Logitech
2014-03-03 13:02 - 2014-03-03 13:02 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Logishrd
2014-02-26 19:09 - 2014-03-08 21:37 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DisplayFusion
2014-02-26 19:09 - 2014-02-26 19:09 - 00000000 __SHD () C:\Users\Marvin\AppData\Roaming\Common
2014-02-26 19:09 - 2014-02-26 19:09 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
2014-02-26 19:08 - 2014-02-26 19:08 - 00000000 ____D () C:\Users\Marvin\Documents\DisplayFusion Backups
2014-02-26 17:27 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 17:27 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-24 19:31 - 2014-03-08 17:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\vlc
2014-02-24 19:25 - 2014-03-04 00:39 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-24 19:25 - 2014-02-24 19:25 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PunkBuster
2014-02-24 19:23 - 2014-02-24 19:23 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ESN
2014-02-24 19:23 - 2014-02-24 19:23 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-02-24 19:22 - 2014-02-24 19:25 - 00000000 ____D () C:\Users\Marvin\Documents\Battlefield 3
2014-02-24 19:22 - 2014-02-24 19:22 - 00000000 ____D () C:\ProgramData\EA Core
2014-02-23 13:05 - 2014-02-23 13:05 - 00000000 ____D () C:\Users\Marvin\Documents\Alcohol 120%
2014-02-12 18:20 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:20 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:20 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 18:20 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:20 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 18:20 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 18:20 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:20 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 18:20 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:20 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:20 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 18:20 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 18:20 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:20 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 18:20 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:20 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 18:20 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:20 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 18:20 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 18:20 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:20 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:20 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:20 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 18:20 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:20 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 18:20 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:20 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 18:20 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:20 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 18:20 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:20 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:20 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:20 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:20 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:20 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:20 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:20 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 18:20 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:20 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 18:20 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:20 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:18 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 18:18 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 18:18 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 18:18 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 18:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 18:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 18:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 18:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 18:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 18:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 18:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 18:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 18:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 18:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 18:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 18:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 18:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 18:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 18:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 18:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 18:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 18:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 18:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 18:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 18:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 18:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 18:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 18:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
==================== One Month Modified Files and Folders =======
2014-03-08 21:44 - 2014-03-08 21:44 - 00000000 ____D () C:\FRST
2014-03-08 21:44 - 2013-10-27 23:27 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Dropbox
2014-03-08 21:43 - 2013-11-13 22:15 - 00003000 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-03-08 21:43 - 2013-10-27 18:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 21:42 - 2014-03-08 21:42 - 00000136 _____ () C:\Users\Marvin\defogger_reenable
2014-03-08 21:42 - 2013-12-22 01:00 - 00040124 _____ () C:\Windows\setupact.log
2014-03-08 21:42 - 2013-10-28 22:08 - 00000000 ____D () C:\Users\Marvin\Documents\Outlook-Dateien
2014-03-08 21:42 - 2013-10-27 18:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-08 21:42 - 2013-10-27 16:31 - 01165023 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 21:42 - 2013-10-27 16:30 - 00000000 ____D () C:\Users\Marvin
2014-03-08 21:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 21:42 - 2009-07-14 05:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 21:42 - 2009-07-14 05:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 21:37 - 2014-02-26 19:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DisplayFusion
2014-03-08 21:25 - 2013-10-27 18:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 17:40 - 2014-02-24 19:31 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\vlc
2014-03-08 13:37 - 2010-11-21 07:22 - 00699324 _____ () C:\Windows\system32\perfh007.dat
2014-03-08 13:37 - 2010-11-21 07:22 - 00149464 _____ () C:\Windows\system32\perfc007.dat
2014-03-08 13:37 - 2009-07-14 06:13 - 01620248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 00:19 - 2014-03-08 00:19 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-05 01:24 - 2013-10-28 22:04 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\FileZilla
2014-03-04 20:07 - 2013-10-27 16:30 - 00000000 ____D () C:\Users\Marvin\AppData\Local\VirtualStore
2014-03-04 19:45 - 2013-11-12 22:44 - 00000000 ____D () C:\ProgramData\Origin
2014-03-04 19:45 - 2013-11-12 22:44 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-04 11:55 - 2014-03-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Etron Technology
2014-03-04 11:55 - 2013-10-27 16:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 11:44 - 2013-10-27 21:43 - 01593592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-04 02:29 - 2013-10-27 23:57 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-03-04 02:29 - 2013-10-27 23:57 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-03-04 00:52 - 2013-11-12 22:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-04 00:39 - 2014-02-24 19:25 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-04 00:39 - 2013-11-14 21:54 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-04 00:28 - 2013-11-14 21:54 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-04 00:21 - 2013-11-14 21:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-03 13:03 - 2014-03-03 13:03 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-03-03 13:03 - 2014-03-03 13:03 - 00000388 _____ () C:\Windows\LkmdfCoInst.log
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Logitech
2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-03-03 13:02 - 2014-03-03 13:02 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Logitech
2014-03-03 13:02 - 2014-03-03 13:02 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Logishrd
2014-03-03 12:08 - 2013-10-27 22:27 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-03-03 12:08 - 2010-11-21 04:47 - 00197468 _____ () C:\Windows\PFRO.log
2014-03-03 12:07 - 2013-10-27 23:30 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-03-03 12:07 - 2013-10-27 23:29 - 00018686 _____ () C:\Windows\LDPINST.LOG
2014-03-03 00:52 - 2013-11-03 02:32 - 00002266 ____H () C:\Users\Marvin\Documents\Default.rdp
2014-03-02 16:06 - 2013-12-22 13:04 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Notepad++
2014-02-26 23:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-26 19:09 - 2014-02-26 19:09 - 00000000 __SHD () C:\Users\Marvin\AppData\Roaming\Common
2014-02-26 19:09 - 2014-02-26 19:09 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
2014-02-26 19:08 - 2014-02-26 19:08 - 00000000 ____D () C:\Users\Marvin\Documents\DisplayFusion Backups
2014-02-24 23:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-24 23:29 - 2013-11-03 03:10 - 00000000 ____D () C:\Program Files\Intel
2014-02-24 23:29 - 2013-10-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-24 22:41 - 2013-10-28 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-24 19:25 - 2014-02-24 19:25 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PunkBuster
2014-02-24 19:25 - 2014-02-24 19:22 - 00000000 ____D () C:\Users\Marvin\Documents\Battlefield 3
2014-02-24 19:23 - 2014-02-24 19:23 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ESN
2014-02-24 19:23 - 2014-02-24 19:23 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-02-24 19:22 - 2014-02-24 19:22 - 00000000 ____D () C:\ProgramData\EA Core
2014-02-24 19:22 - 2013-11-12 22:45 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Origin
2014-02-24 19:22 - 2013-11-12 22:44 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-02-24 19:09 - 2013-12-29 14:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-02-24 19:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-24 19:05 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-24 18:59 - 2013-12-29 14:34 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-24 18:58 - 2013-12-29 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-02-24 18:17 - 2013-10-28 21:37 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\NVIDIA
2014-02-23 13:05 - 2014-02-23 13:05 - 00000000 ____D () C:\Users\Marvin\Documents\Alcohol 120%
2014-02-21 22:03 - 2013-10-27 16:30 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-20 23:20 - 2013-10-27 18:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-20 23:20 - 2013-10-27 18:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 17:56 - 2014-03-04 11:50 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2014-02-12 18:25 - 2013-10-27 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 18:24 - 2013-10-27 22:29 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 18:21 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-06 13:16 - 2014-02-12 18:20 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 18:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 18:20 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 18:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 18:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 18:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 18:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 18:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 18:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 18:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 18:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 18:20 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 18:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 18:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 18:20 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 18:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 18:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 18:20 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 18:20 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 18:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 18:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 18:20 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 18:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 18:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 18:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 18:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 18:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 18:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 18:20 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 18:20 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 18:20 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 18:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 18:20 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 18:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 18:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 18:20 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 18:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\ose00000.exe
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe
C:\Users\Marvin\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Marvin\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-01 11:09
==================== End Of Log ============================
Gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-08 22:11:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1 Corsair_Force_3_SSD rev.1.3.2 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Marvin\AppData\Local\Temp\pgddypob.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071dd1a22 2 bytes [DD, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071dd1ad0 2 bytes [DD, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071dd1b08 2 bytes [DD, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071dd1bba 2 bytes [DD, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071dd1bda 2 bytes [DD, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750f1465 2 bytes [0F, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750f14bb 2 bytes [0F, 75]
.text ... * 2
.text C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe[3412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000750f1465 2 bytes [0F, 75]
.text C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe[3412] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000750f14bb 2 bytes [0F, 75]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750f1465 2 bytes [0F, 75]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750f14bb 2 bytes [0F, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D57F9E74-F555-4FC1-970D-0962DDB9AFCB}\offreg.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [936](2014-03-08 20:44:00) 000007fef2d90000
Library C:\Users\Marvin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe [3412](2014-01-03 00:45:04) 0000000003f40000
Library C:\Users\Marvin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe [3412](2013-10-18 23:55:02) 000000006bbb0000
Library C:\Users\Marvin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe [3412] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006a890000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007617dd0f3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007617dd0f3@0007618471c8 0x91 0xB9 0xE5 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x31 0xB4 0x3E 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xCB 0xC4 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCD 0xCE 0xA3 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0007617dd0f3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0007617dd0f3@0007618471c8 0x91 0xB9 0xE5 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x31 0xB4 0x3E 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xCB 0xC4 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCD 0xCE 0xA3 0xD5 ...
---- EOF - GMER 2.1 ----